Skip to main content

Speakout Email Petitions

2 CVEs product

Monthly

CVE-2026-39530 CRITICAL Act Now

Unauthenticated SQL injection in the SpeakOut! Email Petitions WordPress plugin (versions ≤ 4.6.5) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. Reported by Patchstack and tracked as EUVD-2026-36960, the flaw carries a CVSS 3.1 score of 9.3 driven by a changed scope and network-reachable attack surface. No public exploit identified at time of analysis, but the trivial exploitability and WordPress plugin ecosystem make opportunistic mass-scanning likely.

SQLi Speakout Email Petitions
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2022-0846 CRITICAL POC Act Now

The SpeakOut!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Speakout Email Petitions
NVD WPScan
CVSS 3.1
9.8
EPSS
8.8%
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated SQL injection in the SpeakOut! Email Petitions WordPress plugin (versions ≤ 4.6.5) allows remote attackers to inject arbitrary SQL into backend database queries without credentials or user interaction. Reported by Patchstack and tracked as EUVD-2026-36960, the flaw carries a CVSS 3.1 score of 9.3 driven by a changed scope and network-reachable attack surface. No public exploit identified at time of analysis, but the trivial exploitability and WordPress plugin ecosystem make opportunistic mass-scanning likely.

SQLi Speakout Email Petitions
NVD
EPSS 9% CVSS 9.8
CRITICAL POC Act Now

The SpeakOut!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Speakout Email Petitions
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy